VYPR
Moderate severity · NVD Advisory · Published Oct 24, 2023 · Updated Nov 3, 2025

Mercurial configuration injectable in repo revision when installing via pip

CVE-2023-5752

Description

When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In pip before v23.3, a Mercurial revision string can inject arbitrary --config options to hg clone, allowing repository manipulation.

The vulnerability exists in pip's Mercurial backend where the get_base_rev_args function returned ["-r", rev]. Because the revision string was passed as a separate argument, a specially crafted revision could include additional options like --config, which hg clone would interpret as its own arguments. This allowed an attacker to inject arbitrary Mercurial configuration settings into the clone operation [2][4].

To exploit the flaw, an attacker would supply a malicious revision in a Mercurial VCS URL, such as hg+http://example.com/repo@rev, where rev contains --config directives. No special privileges are required beyond the ability to convince a user to install a package from that URL. The attack only affects users who install packages from Mercurial repositories [1][3].

Successful exploitation enables the attacker to control Mercurial's configuration during cloning. This can alter which repository is actually cloned, redirect to a malicious server, or potentially leak credentials if the configuration includes network settings or authentication options. The impact is repository substitution or credential theft [3].

The issue was addressed in pip version 23.3 by changing the argument syntax to -r=rev, which ensures the revision is treated as a single option value and cannot inject new flags [2][4]. Users are advised to upgrade pip or avoid installing packages from untrusted Mercurial URLs until updated.
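As an added example (not pip's code and not part of this advisory page), the following Python shows the two argv shapes described above, the pre-23.3 ["-r", rev] form beside the 23.3 "-r=rev" form, a check for whether a revision value surfaces as a separate option-shaped argument, and a small scanner over constructed requirements lines that flags VCS revisions beginning with "-" so they can be reviewed before an install runs. The function names, the sample lines and the ".invalid" hosts are this example's own assumptions, not pip API or real projects.

```python
"""Added example (not pip's code): the two argv shapes from the pip 23.3 fix,
a check for option-shaped argv elements, and a requirements-file scanner that
flags VCS revisions beginning with '-'. All names here are this example's own."""
import re
from typing import List, Optional, Tuple


def hg_rev_args_before(rev: str) -> List[str]:
    """Shape used by pip < 23.3: the revision is its own argv element."""
    return ["-r", rev]


def hg_rev_args_after(rev: str) -> List[str]:
    """Shape used by pip 23.3: the revision is bound to the option with '='."""
    return [f"-r={rev}"]


def has_option_shaped_element(args: List[str]) -> bool:
    """True if any argv element other than the bare '-r' (or an '-r=...'
    token) begins with '-', i.e. could be read by hg as a new option."""
    return any(
        a.startswith("-") and a != "-r" and not a.startswith("-r=")
        for a in args
    )


def parse_vcs_requirement(line: str) -> Optional[Tuple[str, str, Optional[str]]]:
    """Return (vcs, url, rev) for a pip-style VCS requirement line such as
    'hg+https://host/repo@rev#egg=name', or None for anything else."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if " @ " in line:  # PEP 508 'name @ url' form: keep only the URL part
        line = line.split(" @ ", 1)[1]
    m = re.match(r"^(hg|git|svn|bzr)\+(\S+)$", line)
    if not m:
        return None
    vcs, rest = m.group(1), m.group(2)
    rest = rest.split("#", 1)[0]  # drop the '#egg=...' fragment
    if "@" in rest:
        url, rev = rest.rsplit("@", 1)  # revision follows the last '@'
        return vcs, url, rev
    return vcs, rest, None


def find_suspicious_revisions(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Report (line_no, vcs, rev) for every VCS requirement whose revision
    begins with '-'. Such a value is at best unusual (negative hg revision
    numbers aside) and is exactly the shape needed to smuggle an option
    into the VCS command line, so it is flagged for human review."""
    findings = []
    for n, line in enumerate(lines, 1):
        parsed = parse_vcs_requirement(line)
        if parsed is None:
            continue
        vcs, _url, rev = parsed
        if rev is not None and rev.startswith("-"):
            findings.append((n, vcs, rev))
    return findings


# Constructed sample requirements; the hosts are not real.
SAMPLE_REQUIREMENTS = [
    "# constructed sample, not a real project",
    "requests==2.31.0",
    "hg+https://hg.example.invalid/tools@v1.2#egg=tools",
    "hg+https://hg.example.invalid/tools@--config=ui.verbose=true#egg=tools",
    "git+https://git.example.invalid/lib@abc123",
]

if __name__ == "__main__":
    for n, vcs, rev in find_suspicious_revisions(SAMPLE_REQUIREMENTS):
        print(f"line {n}: {vcs} revision {rev!r} looks like an option, not a revision")
    odd = "--config=ui.verbose=true"
    print("before:", hg_rev_args_before(odd),
          "option-shaped element:", has_option_shaped_element(hg_rev_args_before(odd)))
    print("after: ", hg_rev_args_after(odd),
          "option-shaped element:", has_option_shaped_element(hg_rev_args_after(odd)))
```

The scanner is a pre-install control, not a replacement for upgrading pip: the fix in 23.3 is what stops a revision value from standing on its own as an argv element, and the argv check only demonstrates why the "-r=" spelling matters.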

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package   Ecosystem   Affected versions   Patched versions
pip       PyPI        < 23.3              23.3

Patches

1 patch

389cb799d0da · Use `-r=...` instead of `-r ...` for hg

https://github.com/pypa/pip · Pradyun Gedam · Oct 1, 2023 · via ghsa
2 files changed · +2 −2
  • src/pip/_internal/vcs/mercurial.py (+1 −1, modified)
    @@ -31,7 +31,7 @@ class Mercurial(VersionControl):
     
         @staticmethod
         def get_base_rev_args(rev: str) -> List[str]:
    -        return ["-r", rev]
    +        return [f"-r={rev}"]
     
         def fetch_new(
             self, dest: str, url: HiddenText, rev_options: RevOptions, verbosity: int
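Review bot: `get_base_rev_args` now returns `[f"-r={rev}"]` with no comment saying why the value is glued to the option; a one-line note that the `-r=` spelling keeps a revision beginning with `-` from being read by hg as a separate option would stop a later cleanup from reverting to `["-r", rev]`, since at the moment the security reason for the unusual form lives only in the commit message.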
    
  • tests/unit/test_vcs.py (+1 −1, modified)
    @@ -66,7 +66,7 @@ def test_rev_options_repr() -> None:
             # First check VCS-specific RevOptions behavior.
             (Bazaar, [], ["-r", "123"], {}),
             (Git, ["HEAD"], ["123"], {}),
    -        (Mercurial, [], ["-r", "123"], {}),
    +        (Mercurial, [], ["-r=123"], {}),
             (Subversion, [], ["-r", "123"], {}),
             # Test extra_args.  For this, test using a single VersionControl class.
             (
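Review bot: the updated expectation `(Mercurial, [], ["-r=123"], {})` only exercises a plain numeric revision; a second case whose revision begins with `-` would pin the behaviour this change exists for, so a regression back to the two-element form fails a test rather than only a review. The neighbouring rows also show `Bazaar` and `Subversion` still expecting `["-r", "123"]`; worth stating in the PR whether those backends were checked and why they do not need the same `-r=` treatment.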
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
